Cisco Prime IP Express Technical Data Sheet

Demands on today’s business networks are extensive: ever-increasing numbers of connected users and personal devices in the workplace, requirements for anytime, anywhere network access, shifts to virtualization and IPv6, ongoing security concerns, and more. These demands are placing stress on two core enabling IP services, DNS and DHCP, as well as on IP address management. Current operational processes, largely manual, simply do not scale. Enterprises require an integrated, standards-compliant, and comprehensive solution to simplify management of IP addresses and provide reliable, always-on DNS and DHCP services.

Product Overview

Cisco Prime™ IP Express is designed to quickly, easily, and securely manage IP addresses within an enterprise. This reliable, high-performance and cost-effective solution provides integrated Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and centralized IP address management (IPAM) services. It is specifically designed for today’s enterprise networks - with associated emerging Internet technologies, mobile device proliferation, new security threats, bring-your-own-device (BYOD) movement, and high level of virtualization all in mind.

Users expect to be able to bring their personal mobile devices to work. Self-provisioning these devices securely and cost effectively requires a BYOD interface that integrates with a secure external authentication service like Microsoft Active Directory (AD). Providing terms of use, branding, and identity confirmation all lead to an in-house provisioning experience that will lower operating expenses (OpEx) while satisfying administrators and end users.

DHCP is a core network access technology - every device must be assigned a unique address when connected to the network, a virtually impossible task to undertake manually. The number of connected users and connected devices within the organization continues to grow, as employees want to access services from any laptop, smartphone, or virtual desktop over Wi-Fi, cellular, and wired networks. Given this growth, as well as the increase in demand for network services driven by rich-media applications such as voice over IP (VoIP) and video, automating the tracking and controlling of users and devices with a high-capacity DHCP server is imperative.

With the continual deployment of new IP services and technologies and, again, the increasing number of connected users and the explosive growth in connected devices, today's complex networks also require a full-featured, automated IPAM solution. Spreadsheets and homegrown applications are inefficient, labor-intensive, and error-prone. Without a next-generation, scalable IPAM system to plan, track, and manage the full lifecycle of IP address space and ease the transition to IPv6, enterprises risk operating inefficiencies and unnecessary costs.

Cisco Prime IP Express includes the following integrated components - all supporting both IPv4 and IPv6:

● Fast and scalable: The Cisco Prime IP Express DHCP server has the ability to assign more than 47,000 DHCP leases per second. And the recursive, extremely fast DNS caching server offers significant acceleration of DNS query throughput. The solution is also the industry's most scalable DHCP server - supporting millions of devices in a single customer deployment.

● Support for IPv6 and virtualization: The solution provides integrated, full lifecycle management for IPv4 and IPv6 (including US Government IPv6 certification) and allows dual-stack deployments on a single server. And extensive support for virtual machines and the related provisioning and administration of IP addresses helps enterprises manage the transition to virtualized environments.

Using the basic configuration mode with setup wizards for the DHCP and DNS components, users can easily perform DHCP and DNS configuration by entering the parameters that are essential for the configuration. An advanced configuration mode is available for users with more in-depth experience with DHCP and DNS configuration. Users can quickly set up and configure Cisco Prime IP Express DHCP and DNS properly to facilitate IP-based services such as VoIP, LAN, and so on.

The Cisco Prime IP Express BYOD integrated captive portal is easy to use and allows for self-service device registration and management. It enables employees to use their own mobile devices for business communications in a managed way - with the correct IP addresses and network settings. And it allows enterprise network operators to accelerate provisioning of a large number of devices and acquire information about all devices being configured on the network. The BYOD captive portal is customizable and allows an organization to add specific terms and conditions, color schemes, and company logos.

Standards and Regulatory Compliance

Full visibility into lease history for IPv4 and IPv6

Cisco Prime IP Express DHCP provides the ability to query DHCP lease history for IPv4 and IPv6. Searching of lease history is possible both at the local and regional cluster level and is compliant with European Union privacy regulations. Lease history maintains client identifier to expedite client lookups.

This feature is used in lawful intercept solutions and for long-term storage of customer data for regulatory compliance and operational efficiency.

DNSSEC government mandate compliance

For some U.S. government agencies, DNSSEC is an operational mandate. On 22 August 2008, the Office of Management and Budget (OMB) released a memorandum requiring U.S. federal agencies to deploy DNSSEC across .gov sites. In addition, in July 2011, several additional zones were signed using DNSSEC, including .net and .com.

The Cisco Prime IP Express caching server offers DNSSEC support that helps to provide authenticated data to the end user, providing validation that DNS data has been signed.

Cloud Support

Support for virtualized environments

Cisco Prime IP Express provides:

● Automated tracking of IP addresses and DNS bindings in public and private clouds

● Support for role-based administration of DNS, DHCP, and IPAM for multidomain environments

● A single view across the entire IP address space that combines physical and virtual networks

● Extensive IPAM information about virtual assets, including location, type, MAC address, and more

Cisco Prime IP Express offers a virtualized deployment package.

IPAM Rich Graphical User Interface

Intuitive GUI

● A web-based interface allows administrators to quickly visualize the network and allocate addresses based on current and future requirements. The GUI allows users to associate address blocks easily with geography, topology, or other user-defined hierarchies through the use of a container model.

● The GUI provides administrators with a real-time snapshot of the network that reduces the amount of time it takes a user to perform certain tasks, including keystrokes, mouse clicks, pointing, selecting an item from a list, and more.

● Context-sensitive help offers information specific to the task for greater user productivity.

Simplified Dashboard, Tracking, and Reporting Capabilities

Real-time server status dashboards

The DNS, DNS caching, and DHCP component dashboards provide at-a-glance, real-time indicators of the server health, system metrics, alarms and alerts, and inventories of the respective Cisco Prime IP Express servers. The dashboards display graphs for monitoring DHCP and DNS general information, throughput, and error data that can affect network operations. To measure address usage over time, the DHCP component dashboard can collect DHCP metrics for a time period and present graphs showing trends that are useful for capacity planning. Benefits include improved network maintenance and increased uptime.

IPAM historic reporting, tracking, and trending

● Address utilization data is tracked and trended for reporting purposes.

● Multiple graphical reports provide information at any level in the container or address block hierarchy to manage IP address space capacity from both an address pool perspective and a network/subnet perspective.

Planning for hierarchical IPv4 and IPv6 address space with a continual feedback loop

● Planning tools facilitate development of a disciplined IPv4 and IPv6 address plan that can be deployed, monitored, and tracked automatically - for a continuous feedback loop to assure accuracy and provide an overall management view.

● Users can plan and stage the following interrelated entities for immediate or future deployment to DHCP and DNS servers: IP block or subnet allocation, IP address assignment, IPv6 prefixes and links, addition of a new DHCP pool and associated parameters, or DNS domain, server configuration, or resource records.

● Client classes may be used to associate classes of devices with policies and options. For instance, users can easily create a VoIP client class with a policy set to provide an address out of a given scope or prefix with associated options.

● Users can create a client class configuration where specific client detail is stored.

Users can set up thresholds and alerts - for example, for notification if an address space is over a designated utilization percentile or if an address pool is forecasted to deplete within a designated time frame - for proactive management. These capabilities help to facilitate planning and minimize network outages and IP conflicts.

Granular administrator policies within Cisco Prime IP Express IPAM dictate access to and visibility and control of given functions, geographies, domains, subnets, and blocks. For enterprises with multiple operations personnel responsible for different portions of the network and/or different DHCP or DNS servers, administrators are empowered to delineate and partition responsibilities.

Static IP Address Management

Lease reservations

For users with needs for static IP address assignment, Cisco Prime Network IP Express DHCP can handle up to 500,000 lease reservations. Because Cisco Prime IP Express supports failover deployment, the enhanced lease reservation synchronizes the lease reservation between the main and the backup server to ensure that any update to the configuration will be populated between these servers. Modification to the reserved lease configuration can be done through the web UI, a command-line interface (CLI), and the Java Software Development Kit (SDK).

Full-Featured DHCP Server

DHCPv4 and DHCPv6 failover

A simple failover model using TCP provides support for IP address, prefix, and variable-length prefix failover. This allows a backup DHCP server to take over for a main server if the main server is taken off the network for any reason.

Client reservations

Cisco Prime IP Express DHCP provides client reservations for IPv4 and IPv6 addresses as well as IPv6 prefix delegation. This capability allows the DHCP server to reserve a permanent IP address assignment. These reservations can be stored internal to Cisco Prime IP Express (through the Cisco Prime IP Express client entries) or external to Cisco Prime IP Express - either in Lightweight Directory Access Protocol (LDAP) or supplied through the DHCP server's extension interface from other external sources. This avoids the need to synchronize data with Cisco Prime IP Express’ internal databases and provides for a much more dynamic and scalable reservation-based service.

● Apply a customer-defined algorithm or algorithms based on incoming packet content

● Call customer-written or third-party extensions written in C/C++ or Tool Command Language (Tcl)

The client class can specify the options supplied to the client - which subnet or prefix to use for address allocation, which DNS server to update, how to generate the host name, and more - as required for the various device types and service classes in the network.

For example, device types could include phones, printers, and desktop computers.

Extensions

Cisco Prime IP Express DHCP provides powerful extension support to allow for DHCP server processing customization. Extensions can be used to classify client types, add/remove/modify options in packets, query or update an external database, and much more. Extensions are flexible enough to be written in the enterprise development environment - they are written in either Tcl or C/C++ and support all operating platforms and all devices.

Gracefully handles difficult client situations

The DHCP server will handle an avalanche of DHCP client requests by prioritizing and processing the most important requests using a patent-pending discriminating rate limiter. The DHCP server will not collapse under any load, no matter how extreme - it will rapidly work through any backlog and get the network back up as quickly as possible. Also, through the use of an extension, the Chatty Client Filter, the DHCP component handles misbehaving clients. For clients that do not have multiple packets outstanding but still frequently send requests to the DHCP server, the extension will automatically disable such clients and then, if their behavior improves, automatically reenable them. In customer situations this has been shown to decrease packet traffic by more than 50 percent.

Bulk lease query support for DHCPv6

The DHCP server will respond to lease query requests for a large number of DHCPv6 leases using standards-compliant bulk lease query functionality.

Prefix stability for IPv6

Prefix stability allows a client to retain a delegated IPv6 address prefix when the client changes location - for example, during network maintenance, when an administrator performs node splits, or during load-balancing events.

Universal prefix stability allows end users to retain a delegated prefix anywhere in the network. Use of this feature requires administrative assignment of the delegated prefixes and use of a client or lease reservation. It can be deployed across multiple DHCP servers.

Prefix allocation groups

Prefix allocation groups allow users to define multiple prefixes that do not result in multiple lease assignments to clients and to control the order in which the prefixes are used.

If a single DNS primary server fails, dynamic DNS updates will get lost and the actual network will be out of sync with the database. High-Availability DNS enables a pair of DNS primary servers to act as an active standby pair. This feature ensures that a single DNS primary failure does not prevent dynamic DNS updates from DHCP servers from getting recorded.

DNS caching server

The DNS caching server is optimized for its specific role, performing the actual recursion to resolve a given name, resulting in greater simplicity and better performance overall. The server improves speed/performance of high volume recursive queries, and administrators can expect increased performance in end-user applications. The server stores DNS query results locally, which helps to improve efficiency and reduce DNS traffic across the Internet.

DNSSEC support

The Cisco Prime IP Express DNS caching server performs DNSSEC validation and authenticates DNS data as being published by zone administrators. This helps to ensure the authenticity and integrity of DNS records and servers being accessed. Specifically, DNSSEC validation provides assurance to end-user resolvers that DNS query responses are accurate for signed zones. The DNSSEC server validates signatures of each resource record ultimately to the root zone in accordance with standard DNSSEC protocol.

DNSSEC also protects resource records against DNS vulnerabilities such as DNS cache poisoning.

DNS64 functionality

The Cisco Prime IP Express DNS caching server supports DNS64, synthesizing AAAA (IPv6) records from A (IPv4) records in order to provide an IPv6-only client access to an IPv4-only resource. This capability helps facilitate the migration from IPv4 to IPv6, as many organizations still don’t support IPv6 resource records.
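The AAAA synthesis described above can be illustrated with a short added example; it is not Cisco code and not taken from the data sheet. It assumes the standard RFC 6052 address layout and the well-known prefix 64:ff9b::/96, neither of which the page names, and the function names and sample addresses are hypothetical.

```python
import ipaddress

# RFC 6052 well-known prefix (assumption: the data sheet names no prefix).
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def embed_ipv4(v4, prefix=WELL_KNOWN_PREFIX):
    """Embed an IPv4 address in an IPv6 prefix using the RFC 6052 layout."""
    v4 = ipaddress.IPv4Address(str(v4))
    net = ipaddress.IPv6Network(str(prefix))
    if net.prefixlen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64 and /96")
    # RFC 6052 forbids carrying private addresses under the well-known prefix.
    if net == WELL_KNOWN_PREFIX and any(v4 in n for n in RFC1918):
        raise ValueError("well-known prefix must not carry RFC 1918 addresses")
    out = bytearray(net.network_address.packed[: net.prefixlen // 8])
    if len(out) > 8 and out[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    for octet in v4.packed:
        if len(out) == 8:      # bits 64-71 (the "u" octet) are reserved as zero,
            out.append(0)      # so the IPv4 bytes are split around them
        out.append(octet)
    out.extend(bytes(16 - len(out)))  # zero suffix
    return ipaddress.IPv6Address(bytes(out))


def dns64_answer(aaaa_records, a_records, prefix=WELL_KNOWN_PREFIX):
    """Answer an AAAA query the way a DNS64 resolver would.

    Returns (addresses, synthesized). Real AAAA records are passed through
    unchanged; synthesis happens only when the name has A records alone.
    """
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records], False
    return [embed_ipv4(r, prefix) for r in a_records], bool(a_records)


if __name__ == "__main__":
    # Constructed sample data: documentation-range addresses only.
    print(dns64_answer([], ["192.0.2.33"]))
    print(dns64_answer(["2001:db8::1"], ["192.0.2.33"]))
    for pfx in ("2001:db8::/32", "2001:db8:122:300::/56", "2001:db8:122:344::/64"):
        print(pfx, "->", embed_ipv4("192.0.2.33", pfx))
```

Synthesized AAAA records carry no signature from the zone, so DNSSEC validation applies to the original A records at the caching server, not to the synthesized answer the client receives.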

DNS views support

Cisco Prime IP Express provides simplified implementation support for and management of DNS views. DNS views allow presentation of alternate resource record sets (different “views” of the same data) based on the source or destination of the query and whether the query is recursive or not. End users only have to remember a single URL rather than an internal versus external URL. Enterprises can realize operating expense savings through the ability to have a single primary DNS server for both internal and external view servers.

An enterprise domain could apply this concept to name spaces outside of the campus environment to create a true set of internal (on-campus) versus external (Internet-based clients) DNS name resolutions - for enhanced security for systems within a campus LAN.

Domain redirect

DNS administrators can optimize the user experience by helping users get to a predefined URL. The DNS server can be configured to modify response to queries to redirect clients away from known “risky” websites. Administrators can blacklist a domain or list of domains, redirecting the user to a notification page.

NXDomain redirect

Large enterprise network operators can assist users when they make errors while trying to find websites. When a user queries an invalid domain name (that is, the server has no entry), the system will return an “NXDomain” response, meaning nonexistent Internet or intranet domain name.

DNS ENUM configuration

E.164 Number Mapping (ENUM) allows telephone numbers to be resolved to URLs using a DNS-based architecture. Cisco Prime IP Express offers an easy way to input and manage ENUM records.

By placing telephone numbers into the DNS server, ENUM can facilitate interoperability for a wide range of applications including VoIP, video, presence, and instant messaging.

External Systems Integration and Support

Integration with external systems

Users are able to streamline intersystem workflow using robust API/CLIs for communication between related asset inventory and network management systems.

The IPAM API is available for integration with third-party applications such as provisioning systems and change management systems. A callout manager service can trigger downstream flows (for example, to a router provisioning system), helping to automate the workflow process, improving accuracy, speeding up the provisioning process, and lowering OpEx.

The DHCP migration tool enables an organization currently running a Microsoft DHCP server to easily move its configuration and current DHCP leases over to a Cisco Prime IP Express server.

Integration with Microsoft AD

Cisco Prime IP Express supports external authentication using Microsoft AD. This integration allows an organization to use AD as the single source for authentication for enforcement of controls and security policies. This reduces potential access or security errors and ensures that operating costs and procedures are not impacted when migrating to Cisco Prime IP Express.

Deployment Environments: Virtual, Physical, and Cloud

Virtual appliance deployment option

Cisco Prime IP Express DHCP, DNS, and the DNS caching server can be deployed as a preconfigured virtual appliance and will run on any VMware ESXi 5.X-capable server running Linux or Windows. Deployment of a virtual appliance helps simplify installation, lower deployment risks, and reduce startup costs.

Software deployment option

Physical deployment of Cisco Prime IP Express offers choice of hardware and three operating systems: Solaris, Linux, and Windows or VMware with Linux/Windows.

To place an order, visit the Cisco® Ordering Homepage. See the Cisco Prime IP Express Ordering Guide for a list of Cisco Prime IP Express product numbers and upgrade product numbers as well as detailed licensing information. To download software, visit the Cisco Software Center.

About Cisco Prime

The Cisco Prime portfolio of IT and service provider management offerings empowers organizations to more effectively manage their networks and the services they deliver. Built on a service-centered foundation, Cisco Prime supports integrated lifecycle management through an intuitive workflow-oriented user experience, providing A-to-Z management for evolved programmable networks, mobility, video, cloud, and managed services.

Cisco Services

Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services.